Hi Franky, Unlike clamdscan, which has the network socket code written by hand, clamonacc depends on libcurl for all of its network code to communicate with clamd.
The specific feature that we used which bumps the libcurl version requirement to 7.45.0 is "CURLINFO_ACTIVESOCKET". See https://curl.haxx.se/libcurl/c/CURLINFO_ACTIVESOCKET.html for details. Your clamonacc binary should show a link to libcurl and libcurl's dependencies. Mine does. Here is the ldd output from one of my test VMs: micasnyd@oreos:~/clamav-devel/build/install$ ldd bin/clamonacc linux-vdso.so.1 (0x00007ffc7bb61000) libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f112967a000) libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f11293fb000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f11291dc000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1128deb000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1128be7000) libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14 (0x00007f11289c2000) libidn2.so.0 => /usr/lib/x86_64-linux-gnu/libidn2.so.0 (0x00007f11287a5000) librtmp.so.1 => /usr/lib/x86_64-linux-gnu/librtmp.so.1 (0x00007f1128589000) libpsl.so.5 => /usr/lib/x86_64-linux-gnu/libpsl.so.5 (0x00007f112837b000) libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f11280ee000) libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f1127ea3000) libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f1127c51000) liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007f1127a43000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1127826000) /lib64/ld-linux-x86-64.so.2 (0x00007f1129d93000) libunistring.so.2 => /usr/lib/x86_64-linux-gnu/libunistring.so.2 (0x00007f11274a8000) libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007f1127143000) libhogweed.so.4 => /usr/lib/x86_64-linux-gnu/libhogweed.so.4 (0x00007f1126f0f000) libnettle.so.6 => /usr/lib/x86_64-linux-gnu/libnettle.so.6 (0x00007f1126cd9000) libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007f1126a58000) libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f1126782000) libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f1126550000) libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f112634c000) libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f1126141000) libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f1125f26000) libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f1125d0b000) libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007f1125aca000) libp11-kit.so.0 => /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007f112579b000) libtasn1.so.6 => /usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007f1125588000) libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f1125384000) libheimntlm.so.0 => /usr/lib/x86_64-linux-gnu/libheimntlm.so.0 (0x00007f112517b000) libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007f1124eee000) libasn1.so.8 => /usr/lib/x86_64-linux-gnu/libasn1.so.8 (0x00007f1124c4c000) libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f1124a16000) libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x00007f1124800000) libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f11245f8000) libwind.so.0 => /usr/lib/x86_64-linux-gnu/libwind.so.0 (0x00007f11243cf000) libheimbase.so.1 => /usr/lib/x86_64-linux-gnu/libheimbase.so.1 (0x00007f11241c0000) libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5 (0x00007f1123f76000) libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f1123c6d000) libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f1123a35000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1123697000) -Micah On 9/27/19, 8:01 AM, "clamav-devel on behalf of Franky Van Liedekerke" <clamav-devel-boun...@lists.clamav.net on behalf of liede...@telenet.be> wrote: I'm replying to this because of the blog entry concerning the new version: CURL (VERSION >= 7.45) REQUIRED FOR INSTALLATION: This is only relevant if you are installing from source, but it is worth noting. It seems a new curl is needed, even on fully patched rhel7 servers. While this is not unsolvable, I'm trying to understand why. Reason for asking: - I'm compiling clamd 0.102-rc from source. It refuses to compile clamonacc if libcurl is not new enough - the blog says it is only needed for compilation, but if I look at the ldd-output of the binaries after compiling, the clamonacc binary has no link to libcurl, but freshclam does So: why would clamonacc during compilation need libcurl? And why would freshclam need such a new curl version (in rhel7 the version is libcurl-7.29.0-51.el7_6.3.x86_64) to just download some files? I can't justify newer clamav version to need to install non-rhel libcurl and libssh2 (dependancy) versions on a server just like that to my manager ... With friendly regards, Franky Op Maandag, 16-09-2019 om 18:13 schreef Joel Esler (jesler): https://blog.clamav.net/2019/09/clamav-01020-release-candidate-is-now.html ClamAV 0.102.0 Release Candidate is now available Today we are publishing the release candidate for ClamAV 0.102.0 (clamav-0.102.0-rc). There have been some bug fixes and minor improvements since the 0.102.0 beta. We do not expect any additional changes should be necessarily before publishing the 0.102.0 stable release. Please take this opportunity to validate that the 0.102.0 release candidate works for your application and that there are no major issues blocking your upgrade to 0.102.0. Release materials for 0.102.0-rc can be found on the ClamAV's downloads site. Release Notes ClamAV 0.102.0 includes an assortment improvements and a couple of significant changes. Major changes * The On-Access Scanning feature has been migrated out of clamd and into a brand new utility named clamonacc. This utility is similar to clamdscan and clamav-milter in that it acts as a client to clamd. This separation from clamd means that clamd no longer needs to run with root privileges while scanning potentially malicious files. Instead, clamd may drop privileges to run under an account that does not have super-user. In addition to improving the security posture of running clamd with On-Access enabled, this update fixed a few outstanding defects: * On-Access scanning for created and moved files (Extra-Scanning) is fixed. * VirusEvent for On-Access scans is fixed. * With clamonacc, it is now possible to copy, move, or remove a file if the scan triggered an alert, just like with clamdscan. For details on how to use the new clamonacc On-Access scanner, please refer to the user manual on ClamAV.net, and keep an eye out for a new blog post on the topic. * The freshclam database update utility has undergone a significant update. This includes: * Added support for HTTPS. * Support for database mirrors hosted on ports other than 80. * Removal of the mirror management feature (mirrors.dat). * An all new libfreshclam library API. Notable changes * Added support for extracting ESTsoft .egg archives. This feature is new code developed from scratch using ESTsoft's Egg-archive specification and without referencing the UnEgg library provided by ESTsoft. This was necessary because the UnEgg library's license includes restrictions limiting the commercial use of the UnEgg library. * The documentation has moved! * Users should navigate to ClamAV.net to view the documentation online. * The documentation will continue to be provided in HTML format with each release for offline viewing in the docs/html directory. * The new home for the documentation markdown is in our ClamAV FAQ Github repository. * To remediate future denial of service conditions caused by excessive scan times, we introduced a scan time limit. The default value is 2 minutes (120000 milliseconds). To customize the time limit: * use the clamscan --max-scantime option * use the clamd MaxScanTime config option * Libclamav users may customize the time limit using the cl_engine_set_num function. For example: cl_engine_set_num(engine, CL_ENGINE_MAX_SCANTIME, time_limit_milliseconds) Other improvements * Improved Windows executable Authenticode handling, enabling both whitelisting and blacklisting of files based on code-signing certificates. Additional improvements to Windows executable (PE file) parsing. Work courtesy of Andrew Williams. * Added support for creating bytecode signatures for Mach-O and ELF executable unpacking. Work courtesy of Jonas Zaddach. * Re-formatted the entire ClamAV code-base using clang-format in conjunction with our new ClamAV code style specification. See the clamav.net blog post for details. * Integrated ClamAV with Google's OSS-Fuzz automated fuzzing service with the help of Alex Gaynor. This work has already proven beneficial, enabling us to identify and fix subtle bugs in both legacy code and newly developed code. * The clamsubmit tool is now available on Windows. * The clamscan metadata feature (--gen-json) is now available on Windows. * Significantly reduced number of warnings generated when compiling ClamAV with "-Wall" and "-Wextra" compiler flags and made many subtle improvements to the consistency of variable types throughout the code. * Updated the majority of third-party dependencies for ClamAV on Windows. The source code for each has been removed from the clamav-devel repository. This means that these dependencies have to be compiled independently of ClamAV. The added build process complexity is offset by significantly reducing the difficulty of releasing ClamAV with newer versions of those dependencies. * During the 0.102 development period, we've also improved our Continuous Integration (CI) processes. Most recently, we added a CI pipeline definition to the ClamAV Git repository. This chains together our build and quality assurance test suites and enables automatic testing of all proposed changes to ClamAV, with customizable parameters to suit the testing needs of any given code change. * Added a new clamav-version.h generated header to provide version number macros in text and numerical format for ClamAV, libclamav, and libfreshclam. * Improved cross-platform buildability of libxml2. Work courtesy of Eneas U de Queiroz with supporting ideas pulled from the work of Jim Klimov. Bug fixes * Fix to prevent a possible crash when loading LDB type signature databases and PCRE is not available. Patch courtesy of Tomasz Kojm. * Fixes to the PDF parser that will improve PDF malware detection efficacy. Patch courtesy of Clement Lecigne. * Fix for regular expression phishing signatures (PDB R-type signatures). * Various other bug fixes. New Requirements * Libcurl has become a hard-dependency. Libcurl enables HTTPS support for freshclam and clamsubmit as well as communication between clamonacc and clamd. * Libcurl version >= 7.45 is required when building ClamAV from source with the new On-Access Scanning application (clamonacc). Users on Linux operating systems that package older versions of libcurl (e.g. all versions of CentOS and Debian versions _______________________________________________ clamav-devel mailing list clamav-de...@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-devel Please submit your patches to our Bugzilla: http://bugzilla.clamav.net Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
